[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [was] The ID generation issue
Jeff Williams wrote: > I agree with the idea to delete the date from the ID. I also like the > idea behind the URI approach to ID's. But I think that the ID should be > separate from the location of the repository where the evdl entries are > stored. > http://repository.com/evdl/thinkingstone/protect/123456 You want to separate the functions of publishers and repositories? That's a good point. I agree. > Your point about different parts of the EVDL having different IDs is > interesting. Well, I'd really like to see the parts be independent from each other. Otherwise I don't see who will adopt them as standard. Vulnerability scanner people are not interested in metadata or protect. Web application firewall people are not interested in anything but Protect. And so on... Take me, for example. I am prepared to convert my ModSecurity Rule Database to store EVDL Protect rules. I can probably afford to create Protect entries but I don't have resources to deal with the other parts. For me, the ideal thing would be to reference the existing SecurityFocus or Secunia (or some other) vulnerability entries. I would be happy to reference a main EVDL entry somewhere... but it doesn't exist. > Personally, I would like to make sure that all the EVDL > parts related to a single vulnerability can be correlated somehow. Agreed, but what is a single vulnerability? It would be great if we could fund an EVDL vulnerability database effort but I don't think that's likely to happen. Otherwise if you don't have a single metadata entry then how are you going to find part instances that relate to the same problem? The best approach I can think of is to specify a search mechanism and to use various search criteria: vendor, product name, product URL, product version come to mind. External references could be useful too. E.g. "show me all entries related to PHPBB, version 4.0.10". It would be the job of the repository to index the entries and to produce search results. After considerable consideration I believe the following is the only feasible solution: tstone-01234 for the main entry and: tstone-01234-protect for other EVDL parts. -- Ivan Ristic (http://www.modsecurity.org)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]